Crypto-Anarchism – A Geek With Guns

Silence!

The 2020 presidential election turned out exactly as I and anybody else who has witnessed two children fighting over a toy expected. The only thing missing was Biden giving Trump a wedgie and calling him a poophead after his victory was certified.

What has been far more interesting to me is the response by our technology overlords. It seems that online service providers are participating in a competition to see who can best signal their hatred of Trump and the Republican Party. MSN is acting as the high score record keeper and listing every online service that has banned Trump or anything related to the Republican Party. Some of the entries were predictable. For example, Facebook and Twitter both banned Trump and Reddit announce that it banned /r/DonaldTrump.

Some of the entries are a bit more interesting (although still not surprising). Apple and Google both banned Parler (basically a shittier Facebook marketed at Republicans) from their respective app stores. Then Amazon, not wanting to be shown up, announced it had banned Parler from using its AWS services (which Parler stupidly chose as its hosting provider). For over a decade I’ve been telling anybody who will listen about the dangers of relying on tightly controlled platforms and other people’s infrastructure (often referred to as “the cloud”). These announcements by Apple, Google, and Amazon are why.

If you use an iOS device, you are stuck playing by Apple’s rules. If Apple says you’re no longer allowed to install an app to access an online service, then you’re no longer allowed to install an app that accesses that online service. The same is true, although to a lesser extent (for now), with Android. Although Android is open source Google exercises control over the platform through access to its proprietary apps. If a device manufacturer wants to include Gmail, Google Maps, and other proprietary Google apps on their Android devices, they need to agree to Google’s terms of service. The saving grace with Android is that its open source nature allows unrestricted images such as LineageOS to be released, but they generally only work on a small list of available Android devices and installing them is sometimes challenging. I’ve specifically mentioned iOS and Android, but the same is true for any proprietary platform including Windows and macOS. If Microsoft and Apple want to prohibit an app from running on Windows and macOS, they have a number of options available to them including adding the app to their operating systems’ build-in anti-malware tools. The bottom line is if you’re running a proprietary platform, you don’t own your system.

Anybody who has been reading this blog for any length of time knows that I self-host my online services. This blog for instance is running on a computer in my basement. Self-hosting comes with a lot of downsides, but one significant upside is that the only person who can erase my online presence is me. If you’re relying on a third-party service provider such as Amazon, Digital Ocean, GoDaddy, etc., your online service is entirely at their mercy. Parler wasn’t the first service to learn this lesson the hard way and certainly won’t be the last.

I’ve had to think about these things for most of my life because my philosophical views have almost always been outside the list of acceptable ideas. I developed absolutist views on gun rights, free speech, and the concept of an accused individual being innocent until proven guilty beyond a reasonable doubt in school and continue to maintain those views today. Opposing all forms of gun and speech restrictions doesn’t make you popular in K-12 and especially doesn’t make you popular in college. Being the person who wants a thorough investigation to determine guilt during a witch hunt generally only results in you being called a witch too. However, that list of acceptable ideas has continuously shortened throughout my life. Absolutist or near absolutist views on free speech were common when I was young. They became less common when I was in college, but the general principle of free speech was still espoused by the majority. Today it seems more common to find people who actually believe words can be dangerous and demand rigid controls on speech. It also seems that any political views slightly right of Leninism have been removed from the list.

If you hold views that are outside of the list of acceptable ideas or are in danger of being removed from the list, you need to think about censorship avoidance. If you haven’t already started a plan to migrate away from proprietary platforms, now is a good time to start. Likewise, if you administer any online services and haven’t already developed a plan to migrate to self-hosted infrastructure, now is actually at least a year too late, but still a better time to start than tomorrow. Our technology overlords have made it abundantly clear that they will not allow wrongthink to be produced or hosted on their platforms.

Fleeing Facebook

Another election is on the horizon, which can only mean Facebook is clamping down on wrongthink in the futile hope that doing so will appease Congress enough that it won’t say mean things about the company that might hurt its stock price. This week’s clamp down appears to be more severe than others. I have several friends who received temporary bans for making posts or comments that expressed apparently incorrect, albeit quite innocent, opinions. A lot of them also reported that some of their friends received permanent bans for posting similar content.

In the old days of the Internet when websites were dispersed you usually had friends from forums, game servers, and various instant messenger clients added on other services. Because of that, getting banned for any single account wasn’t usually a big deal. However, with the centralization that Facebook has brought, losing your Facebook account can mean losing access to a large number of your contacts.

If you are at risk of losing your Facebook account (and if you hold political views even slightly right of Karl Marx, you are), you need to start establishing your contacts on other services now. If you’re like me and have friends that predominantly lean more libertarian or anarchist, you’ve probably seen a number of services being recommended such as MeWe, Parler, and Gab. The problem with these services is that they, like Facebook, are centralized. That means one of two outcomes is likely. If they’re successful, they will likely decide to capitalize by going public. Once that happens, they will slowly devolve into what Facebook has become today because their stock holders will demand it in order to maximize share prices. If they’re not successful, they’ll likely disappear in the coming years, forcing you to reestablish all of your contacts on another service again.

I’m going to recommend two services that will allow you to nip this problem in the bud permanently. The first is a chat service called Element (which was formerly known as Riot). The second is a Twitter-esque service called Mastodon. The reason I’m recommending these two services is because they share features that are critical if you want to actually socialized freely.

The most important feature is that both services can be self-hosted. This means that in the worst case scenario, if no existing servers will accept you and your friends, you can setup your own server. If you’re running your own server, the only people you have to answer to are yourselves. However, you may want to socialize with people outside of your existing friend groups. That’s where another feature called federation comes in. Federation is a feature that allows services on one server to connect with services on another server. This allows the users on one Element or Mastodon instance to socialize with users on another instance. Federation means not having to put all of your eggs in one basket. If you and your friends sign up on different servers, no one admin can ban you all. Moreover, you can setup backup accounts that your friends can add so if you are banned on one server, your friends already have your alternate account added to their contact list.

The reason I’m recommending two services is because Element and Mastodon offer different features that are geared towards different use cases. Element offers a similar experience to Internet Rely Chat (IRC) and various instant messenger protocols (such as Facebook Messenger). It works well if you and your friends want to have private conversations (you can create public chat rooms as well, if you want anybody to be able to join in the conversation). It also offers end-to-end encrypted chat rooms. End-to-end encrypted rooms cannot be surveilled by outside parties meaning even the server administrators can’t spy on your conversation. It’s much harder for a server administrator to ban you and your friends if they’re entirely ignorant of your conversations.

Mastodon offers an experience similar to Twitter (although with more privacy oriented features). You can create public posts that can be viewed by anybody with a web browser and with which anybody with a Mastodon account can interact. This works great if you have a project that requires a public face. For example, you and your friends may work on an open source project about which you provide periodic public updates. Mastodon enables that. Users can also comment on posts, which allows your posts to act as a public forum. Since Mastodon can be self-hosted, you can also setup a private instance that isn’t federated. Thus you could create a private space for you and your friends.

It’s critical to establish your existing contacts on another service now so you don’t find yourself suddenly unable to communicate with them because you expressed the wrong opinion. Even if you don’t choose Element and/or Mastodon, pick a service that you and your friends can tolerate and at least sign up for accounts and add each other to your contact lists. That way if you disappear down Zuckerberg’s memory hole, you can still keep in contact with your friends.

Avoiding Censorship Online

Facebook, Twitter, Reddit, and most other mainstream social media platforms have pledged to increase the speech they censor. This has lead many people, especially those most likely to be censored, to seek greener pastures. They usually tell anybody who will listen to flock to alternate social media platforms such as MeWe, Minds, and Parler. Of course this is an exercise in trading one centrally controlled platform for another. This means users are still at the mercy of the individuals who control the services. Parler has already walked back its commitment to absolute free speech and other alternate platforms will likely do the same.

So is the concept of free speech online hopeless? Not at all. However, you have to take a page from radicals throughout history. If you look at a lot of radicals, they generally owned and operated their own newspapers, magazines, journals, and periodicals. Benjamin Franklin bought a newspaper, Benjamin Tucker printed his own periodical, egoists printed their own journal, and Peter Kropotkin published his own journal. By owning and operating their own print media they were able to say whatever they wanted whenever they wanted.

Today’s Internet has become centralized, corporatized, and sanitized, but that wasn’t always the case. It also doesn’t have to be the case. Anybody can run a server. This blog is hosted on a server sitting in my basement. In fact I self-host most of my online services. This gives me absolute control over my platforms. I can say whatever I want whenever I want.

If you want to express yourself freely, you need to take a page from radicals of yesteryear and own and operate your own platform. Fortunately, it’s easier today than ever before. There are a lot of self-hosted platforms available. For example, if you want something akin to Twitter, there’s Mastodon. If you want something akin to Facebook, there’s Freindica and diaspora*. If you want chatroom functionality, there’s Matrix (which also supports end-to-end encryption so you can speak freely on other people’s servers). In fact there are a ton of self-hosted platforms that cover almost anything you could need. What’s even better is that many of the self-hosted social media platforms can be federated, which means every person in a group could run their own instance and interconnect them.

To quote Max Stirner, “Whoever will be free must make himself free. Freedom is no fairy gift to fall into a man’s lap. What is freedom? To have the will to be responsible for one’s self.”

Mullvad VPN

Periodically I’m asked to recommend a good Virtual Private Network (VPN) provider. I admit that I don’t spend a ton of time researching VPN providers because my primary use case for VPNs is to access my local network and secure my communications when traveling so most of the time I use my own VPN server. When I want to guard my network traffic against my Internet Service Provider (ISP), I use Tor. With that said, I do try to keep at least one known decent VPN provider in my back pocket to recommend to friends.

In the past I have usually recommended Private Internet Access because it’s ubiquitous, affordable, and its claim that it doesn’t keep logs has been proven in court. However, Private Internet Access is based in the United States, which means it can be subject to National Security Letters (NSL). Moreover, Private Internet Access was recently acquired by Kape Technologies. Kape Technologies has a troubling past and you can never guarantee that a company will maintain the same policies after it has been purchased so I’ve been looking at some alternative recommendations.

Of the handful with which I experimented, I ended up liking Mullvad VPN the most. In fact I ended up really liking it (for me finding a decent VPN provider is usually an exercise in finding the least terrible option).

Mullvad is headquartered in Sweden, which means it’s not subject to NSLs or other draconian United States laws (it’s subject to Swedish laws, but I’m outside of that jurisdiction). But even if it’s subjected to some kind of surveillance law, Mullvad goes to great length to enable you to be anonymous, which greatly hinders its ability to surveil you. To start with your account is just a pseudorandomly generated number. You don’t need to provide any identifiable information, not even an e-mail address. When you want to log in to pay your account, you simple enter your number. The nice thing about this is that the number is also easily disposed of. Since you can generate a new account by simply clicking on a link, you can throw away your account whenever you want. You can even generate accounts via its onion service (this link will only work if you’re using the Tor Browser).

Mullvad’s pricing is €5 (roughly $5.50 when I last paid) per month. Paying per month allows you to change accounts every month if you want. Payments can be made using more traditional services such as credit cards and PayPal, but you can also use more anonymous payment options such as Bitcoin and Bitcoin Cash (I would like to see the option of using Monero since it has anonymity built-in).

The thing that initially motivated me to test Mullvad was the fact that it uses WireGuard. WireGuard is our new VPN overlord. If you’re new to WireGuard or less technically inclined, you can download and use Mullvad’s app. If you’re familiar with WireGuard or willing to learn about it, you can use Mullvad’s configuration file generator to generate WireGuard configuration files for your system (this is how I used it). Mullvad also supports OpenVPN, but I didn’t test it because it’s 2020 and WireGuard is our new VPN overlord.

Like most decent VPN providers, Mullvad also has a page to check if your Mullvad connection is setup correctly. It performs the usual tasks of reporting if you’re connecting through a Mullvad server and if your Domain Name System (DNS) requests are leaking. It also attempts to check if your browser is leaking information through WebRTC. You can also test your torrent client in case you want to download Linux distros (because that’s the only thing anybody downloads via BitTorrent) more securely.

I didn’t come across anything egregious with Mullvad, but don’t take my recommendation too seriously (this is the caveat I give to everybody who asks me to recommend a VPN provider). My VPN use case isn’t centered around maintaining anonymity and I didn’t perform thorough testing in that regard. Instead I tested it based on my use case, which is mostly protecting my connection from local actors when traveling. As with anything, you should test the service yourself.

The Users and the Used

I’m happy that computer technology (for the purpose of this post, I mean any device with a computer in it, not a traditional desktop or laptop) has become ubiquitous. An individual who wants a computer no longer has to buy a kit and solder it together. Instead they can go to the store and pick up a device that will be fully functional out of the box. This has lead to a revolution in individual capabilities. Those of us who utilize computers can access a global communication network from almost anywhere using a device that fits in our pocket. We can crank out printed documents faster than any other time in human history. We can collect data from any number of sources and use it to perform analysis that was impractical before ubiquitous access to computers. In summary life is good.

However, the universe is an imperfect place and few things are without their downsides. The downside to the computer revolution is that there are, broadly speaking, different classes of users. They are often divided into technical and non-technical users, but I prefer to refer to them as users and used. My categorization isn’t so much based on technical ability (although there is a strong correlation) as by whether one is using their technology or being used by it.

Before I continue, I want to note that this categorization, like all attempts to categorize unique individuals, isn’t black and white. Most people will fall into the gray area in between the categories. The main question is whether they fall more towards the user category of the used.

It’s probably easiest to explain the used category first. The computing technology market is overflowing with cheap devices and free services. You can get a smartphone for little or even nothing from some carriers, an Internet connected doorbell for a pittance, and an e-mail account with practically unlimited storage for free. On the surface these look like amazing deals, but they come with a hidden cost. The manufacturers of those devices and providers of those services, being predominantly for-profit companies, are making their money in most cases by collecting your personal information and selling it to advertisers and government agencies (both of which are annoying, but the latter can be deadly). While you may think you’re using the technology you’re actually being used through it by the manufacturers and providers.

A user is the opposite. Instead of using technology that uses them, they use technology that they dominate. For example, Windows 10 was a free upgrade for users of previous versions of Windows. Not surprisingly, Windows 10 also collects a lot of personal information. Instead of using Windows 10, users of that operating system are being used by it. The opposite side of the spectrum is something like Linux from Scratch, where a user creates their own Linux distro from the ground up so they know every component that makes up their operating system. As I stated earlier most people fall into the gray area between the extremes. I predominantly run Fedora Linux on my systems. As far as I’m aware there is no included spyware and the developers aren’t otherwise making money by exploiting my use of the operating system. So it’s my system, I’m using it, not being used through it.

Another example that illustrates the user versus the used categories is online services. I sometimes think everybody on the planet has a Gmail account. Its popularity doesn’t surprise me. Gmail is a very good e-mail service. However, Gmail is primarily a mechanism for Google to collect information to sell to advertisers. People who use Gmail are really being used through it by Google. The opposite side of the spectrum (which is where I fall in this case) is self-hosting an e-mail server. I have a physical server in my house that runs an e-mail server that I setup and continue to maintain. I am using it rather than being used by it.

I noted earlier in this article that there is a strong correlation between technical people and users as well as non-technical people and those being used. It isn’t a one-to-one correlation though. I know people with little technical savvy who utilize products and services that aren’t using them. Oftentimes they have a technical friend who assists them (I’m often that friend), but not always. I would actually argue that the bigger correlation to users and those being used is those who are curious about technology versus those who aren’t. I know quite a few people with little technical savvy who are curious about technology. Their curiosity leads them to learn and they oftentimes become technically savvy in time. But before they do they often make use of technology rather than be used by it. They may buy a laptop to put Linux on it without having the slightest clue at first how to do it. They may setup a personal web server poorly, watch it get exploited, and then try again using what they learned from their mistakes. They may decide to use Signal instead of WhatsApp not because they understand the technical differences between the two but because they are curious about the “secure communications app” that their technical friends are always discussing.

Neither category is objectively better. Both involve trade-offs. I generally encourage people to move themselves more towards the user category though because it offers individuals more power over the tools they use and I’m a strong advocate for individual power. If you follow an even slightly radical philosophy though, I strongly suggest that you to move towards the user category. The information being collected by those being used often finds its way into the hands of government agents and they are more than happy to make use of it to suppress dissidents.

The Importance of Open Platforms

Late last week I pre-ordered the UBports Community Edition PinePhone. It’s not ready for prime time yet. Neither of the cameras work and the battery life from what I’ve read is around four to five hours and there are few applications available at the moment. So why did I pre-order it? Because UBports has been improving rapidly, my iPhone is the last closed platform I run regularly (I keep one macOS machine running mostly so I can backup my iPhone to it), and open platforms may soon be our only option for secure communications:

Signal is warning that an anti-encryption bill circulating in Congress could force the private messaging app to pull out of the US market.

Since the start of the coronavirus pandemic, the free app, which offers end-to-end encryption, has seen a surge in traffic. But on Wednesday, the nonprofit behind the app published a blog post, raising the alarm around the EARN IT Act. “At a time when more people than ever are benefiting from these (encryption) protections, the EARN IT bill proposed by the Senate Judiciary Committee threatens to put them at risk,” Signal developer Joshua Lund wrote in the post.

I used Signal as an example for this post, but in the future when (it’s not a matter of if, it’s a matter of when) the government legally mandates cryptographic back doors in consumer products (you know the law will have an exception for products sold to the government) it’ll mean every secure communication application and platform will either have to no longer be made available in the United States or will have to insert a back door that allows government agents and anybody else who can crack the back door complete access to our data.

On an open platform such a Linux this isn’t the end of the world. I can source both my operating system and my applications from anywhere. If secure communication applications are made illegal in the United States, I have the option of downloading and use an application made in a freer area or better yet developed anonymously (it’s much harder to enforce these laws if the government can’t identify and locate the developers). Closed platforms such as iOS and Android (although Android to a lesser extent since it still allows side loading of applications and you can download an image built off of the Android Open Source Project) require you to download software from their walled garden app stores. If Signal is no longer legally available in the United States, people running iOS and Android will no longer be able to use Signal because those apps will no longer be available in the respective United States app stores.

As the governments of the world continue to take our so-called civil rights behind a shed and unceremoniously put a bullet in their heads closed platforms will continue to become more of a liability. Open platforms on the other hand can be developed by anybody anywhere. They can even be developed anonymously (Bitcoin is probably the most successful example of a project whose initial developer remains anonymous), which makes it difficult for governments to put pressure on the developers to comply with laws.

If you want to ensure your ability to communicate securely in the future and you haven’t already transitioned to open platforms, you should either begin your transition or at least begin to plan your transition. Not all of the pieces are ready yet. Smartphones remain one area where open platforms are lagging behind, but there is a roadmap available so you can at least begin planning a move towards open an smartphone (and at $150 the PinePhone is a pretty low risk platform to try).

Alternate Social Media Project Part 1: Riot.im

When I announced that I was cutting back on blogging, I explained that it was so I could focus my energy on other projects. One of those projects, which I’ve dubbed the Alternate Social Media Project (ASMP), has been replacing the social media functionality provided by Facebook. Why? Because Facebook has become not only a total invasion of privacy (which most people apparently don’t give two shits about) but also an increasingly useless platform for anybody with beliefs that aren’t state approved (which people seem to care about when they find themselves being censored by Facebook’s administrators). Rather than demand that the government step in and force Facebook to run its operations in the manner I approve, I decided it would be easier to just move somewhere freer.

This project is occurring in steps. The first step was to find something to fulfill the primary use of social media: communication. My requirements were modest. The solution upon which I settled had to be decentralized, fully usable on mobile platforms, and offer the option of secure communications. I settled on Riot.im since it was one of the few decent options that met those requirements.

Riot.im is the reference client for the Matrix protocol. The Matrix protocol is, basically, an evolution of Internet Relay Chat (IRC). Unlike other attempts to improve on IRC, Matrix is also federated, which means anybody can run a server and those servers can communicate with one another. Facebook demonstrates the importance of federation. If you express wrongthink of Facebook, you risk being exiled. If you express wrongthink on a Matrix server, you risk being exiled from that specific server but you can migrate over to another server, possibly your own server (where you can express all the wrongthink your heart desires). So long as the new server you’re on is federate with the servers your friends are on, you can continue your conversations.

Unlike IRC and many other older communication protocols (XMPP comes to mind), Riot.im works well on mobile devices. Android and iOS like to kill apps in the background and when those apps are killed, all of their active network connections die with them. With IRC this means you have no idea what is going on in the room until you open the app and reconnect. Riot.im, on the other hand, will work like other modern communication tools when your app isn’t running. When activity happens in one of the rooms of which you’re a member, you will receive notifications (unless you disable those notifications). If something piques your interest, you can open the app and jump into the conversation. My previous attempts to migrate friends to other platforms were thwarted because none of them were willing to use something that didn’t play well with mobile. I’m happy to say that Riot.im doesn’t suffer from that shortcoming.

Riot.im fulfills the third criterion by offering the option of end-to-end encryption. Matrix has no concept of direct messages as far as I can tell. When you want to communicate privately with somebody, you’re placed in a private room with them. If you want your communications to be private, you can turn encryption on in the room. Another nice feature is that once encryption is enabled in a room, it cannot be disabled. This setup, although potentially confusing to some people, has two nice features. The first is that this setup enables any room to be encrypted. You and your friends can setup an encrypted room where you can express wrongthink without the server administrators being able to see it (unless you invite them into your room). The second is that you don’t have to worry about somebody secretly turning encryption off at a future point (and thus exposing your wrongthink to outsiders).

Riot.im obviously isn’t a replacement for Facebook. At most it’s a replacement for Facebook Messenger. Since everything on Riot.im occurs in a chatroom, it’s not as easy to have a conversation about a linked article and there is no way to accrue imaginary Internet points like you can with Facebook’s reactions. However, I’m not actually a fan of services that try to do everything. It’s too difficult to replace individual parts when something better rolls around or an update to the current tool makes it unusable.

If you’re interested in migrating off of Facebook or other restrictive social media platforms, you could do worse than starting with Riot.im.

Tim May Has Passed

Yesterday I learned that Tim May, the man who established the concept of crypto-anarchy, passed away:

Tim May, co-founder of the influential Cypherpunks mailing list and a significant influence on both bitcoin and WikiLeaks, passed away last week at his home in Corralitos, California. The news was announced Saturday on a Facebook post written by his friend Lucky Green.

In his influential 1988 essay, “The Crypto Anarchist Manifesto,” May predicted that advances in computer technology would eventually allow “individuals and groups to communicate and interact with each other” anonymously and without government intrusion. “These developments will alter completely the nature of government regulation [and] the ability to tax and control economic interactions,” he wrote.

The Crypto Anarchist Manifesto influenced me greatly. It was an important document when it was released and its importance has only grown since then. Today surveillance technology is pervasive, which has caused many people to feel hopeless but, as The Crypto Anarchist Manifesto pointed out, technological advances would also give people the power to communicate away from the gaze of Big Brother.

May’s predictions did pan out. Consider the Silk Road and it’s various offspring. Crypto-currencies enable people to avoid one of the government’s largest sources of control, monetary exchanges. Tor provides a protocol that allows people to view and host sites anonymously. When these two technologies were combined, the prohibition enforcers had a hell of a time taking it down and only managed to do so because the suspected creator made a post on a clear web forum with an e-mail address associated with an account on Silk Road. Today there are dozens of online drug markets veiled by Tor and crypto-currencies that the prohibition enforcers have so far been unable to take down.

There are numerous technologies available to allow us to communicate with each other secretly. Signal is probably the best example as it is both easy to use and its protocol has remains unbroken. Even clear web traffic has become more difficult to surveil. When Edward Snowden revealed the National Security Agency’s (NSA) pervasive domestic surveillance program, a lot of online traffic was transmitted in the clear. Today more and more traffic is transmitted in an encrypted manner, partially thanks to the efforts of Let’s Encrypt, which allows server administrators to setup trusted Transport Layer Security (TLS) connections for free.

Tim May and the ideas he helped establish deserve a lot of credit for influencing all of this. Fortunately, even though he is no longer with us, his ideas are established and will remain with us.

Trade-offs

I frequently recommend Signal as a secure messaging platform because it strikes a good balance between security and usability. Unfortunately, as is always the case with security, the balance between security and usability involves trade-offs. One of the trade-offs made by Signal has recently become the subject of some controversy:

When Signal Desktop is installed, it will create an encrypted SQLite database called db.sqlite, which is used to store the user’s messages. The encryption key for this database is automatically generated by the program when it is installed without any interaction by the user.

As the encryption key will be required each time Signal Desktop opens the database, it will store it in plain text to a local file called %AppData%\Signal\config.json on PCs and on a Mac at ~/Library/Application Support/Signal/config.json.

When you open the config.json file, the decryption key is readily available to anyone who wants it.

How could the developers of Signal make such an amateurish mistake? I believe the answer lies in the alternative:

Encrypting a database is a good way to secure a user’s personal messages, but it breaks down when the key is readily accessible to anyone. According to Suchy, this problem could easily be fixed by requiring users to enter a password that would be used to generate an encryption key that is never stored locally.

In order to mitigate this issue the user would be required to do more work. If the user is required to do more work, they’ll likely abandon Signal. Since Signal provides very good transport security (the messages are secure during the trip from one user to another) abandoning it could result in the user opting for an easier to use tool that didn’t provide as effective or any transport security, which would make them less secure overall.

iOS and many modern Android devices have an advantage in that they often have dedicated hardware that encryption keys can be written to but not read from. Once a key is written to the hardware data can be sent to it to be either encrypted or decrypted with that key. Many desktops and laptops have similar functionality thanks to Trusted Platform Modules (TPM) but those tend to require user setup first whereas the smartphone option tends to be seamless to the user.

There is another mitigation option here, which is to utilize full-disk encryption to encrypt all of the contents on your hard drive. While full-disk encryption won’t prevent resident malware from accessing Signal’s database, it will prevent the database from being copied from the computer by a thief or law enforcers (assuming they seized the computer when it was off instead of when the operating system was booted up and thus the decryption key for the drive was resident in memory).

A Seemingly Good Idea with a Steep Price

When you use a free e-mail provider, you are the product, which means that the provider most likely snoops through the contents of your e-mail to deliver targeted ads. Because of this I encourage people to move away from free providers. Paid e-mail providers are less inclined to snoop through your e-mails but the best option is to host your own e-mail server. Unfortunately, hosting e-mail is a pain in the ass so very few people are interested in doing it. A new product, Helm, is promising the best of both worlds: self-hosted e-mail without the complexity of administering an e-mail server. From a technical standpoint, it looks like a solid product:

The service takes a best-of-both-worlds approach that bridges the gap between on-premises servers and cloud-based offerings. The server looks stylish and is small enough to be tucked into a drawer or sit unnoticed on a desk. It connects to a network over Ethernet or Wi-Fi and runs all the software required to serve email and calendar entries to authorized devices. An expansion slot allows an additional five terabytes of storage.

The server also provides a robust number of offerings designed to make the service extremely hard to hack, including:

A system-on-a-chip from NXP that stores keys for full-disk encryption and other crypto functions to ensure keys are never loaded into memory, where they might be leaked. The disk encryption is designed to prevent the contents from being read without the key, even if someone gets physical possession of the device.

Support for secure boot and keys that are hardwired during manufacture so the device can only run or install authorized firmware and firmware updates. The devices are manufactured in the US or Mexico to ease concerns about supply-chain weaknesses.

Firmware that only communicates over an encrypted VPN tunnel. This measure prevents employees of the user’s ISP, or anyone monitoring the home or office connection, from knowing who the user is communicating with. The firmware also automatically generates TLS certificates from the free Let’s Encrypt service.

Before being backed up in the cloud, messages are encrypted using a key that’s stored on the personal server and is available only to the end user. That means if the cloud server is ever hacked or the provider is legally compelled to turn over the backed up data, it can’t be decrypted without the key.

Two-factor authentication that’s based on what Helm calls “proximity based security.” The tokens that generate one-time passwords can only be installed on a smartphone that has come into close physical proximity with the Helm device during pairing by someone who knows the device password. Pairing new phones, adding email accounts, or making other changes not only requires a device password but also an OTP from an already-paired phone.

Technical specifications and implementation often don’t match so I’ll be interested to see how well this product works in the wild. However, I’m guessing that this product isn’t going to fly off of the shelves because the price is steep:

The startup is betting that people will be willing to pay $500 to purchase the box and use it for one year to host some of their most precious assets in their own home. The service will cost $100 per year after that. Included in the fee is the registration and automatic renewal of a unique domain selected by the customer and a corresponding TLS certificate from Let’s Encrypt.

$500 is a lot of money for a consumer-grade embedded computer and a $100 per year subscription fee isn’t chump change no matter how you shake it. You can buy a ProtonMail subscription for significantly less and enjoy what most consumer would consider pretty reasonable security. But if you want a self-hosted e-mail option without the hassle that usually accompanies setting up and maintaining your own e-mail server (and have a few Benjamins to spare), this may be a product to look into.